Menu

Laravel 5.4 Native Multi Authentication Notes

06 April 2017

For this we will demonstrate creating a customer type with their own separate authentication table, model, login and registration.
This shows in internal account creation whereby only the admin is allow to register new users of this type. This might be useful for scenarios where there are many user types (each with fundamentally different models) that an administrator is allowed to create users for.

Note: In a lot of cases you may well be over-engineering, consider first whether to actually need multi auth. Could you just add a 'user_type' field to your tables for example. Where that starts to fall down as a solution is if your user types have entirely different models and the separation of the user types can make it easier to separate these concerns into individual models of those users along with authentication.

Create a placeholder login url

e.g. http://localhost/customer/login

Create a login form

Laravel ships with a default login and registration form, along with authentication controllers. We can use these as starting code for our own logins.

Navigate to /var/www/resources/views/auth. This is where you'll find the default single user type login and registration views/templates.

These notes assume you have a 'Customer' class in your /app directory. Note: In order to be able to authenticate against this table, the following fields must be present on the table for that model:

email - e.g. varchar(255)

password e.g. varchar(255)

remember_token e.g. varchar(100)

timestamps

last_accessed e.g. datetime

username - If using username for authentication as these notes do.

Consult the 2014_10_12_000000_create_users_table.php migration for an example of creating a table with these field, note you'll probably need to perform an edit migratoin rather than a create. e.g. php artisan make:migration --table=customers 'add login fields to customers table'

Example: Edit an existing 'customers' table to include fields for authentication.

Redirect after registration

Decide where you want to redirect your administrator to after they've created the user. For our use case, we want to allow the administrator to add additional details after creating a login for the customer user type.

So for this example, we remove the default $redirectTo and instead edit the register() method to redirect the administrator to the edit page of the user after their user account is created:

The above is the CustomerRegisterController.php, within our /var/www/app/Http/Controllers/Auth direcory.

We also add a helpful flash message 'Now add the customer details' which we'll show on the CustomerController edit view.

Created an authenticated area

With all that set-up you're now free to make use of the authentication guard hover you please.

Check authentication at the Blade template level

Close off entire routes to certain user types (see below)

To lock out a collection of routes to a particular guard / type of login you can create a route group and pass the guard(s) as middleware. This causes Laravel to block access to non authenticated routes.